eval in superduper query parsingMITRE service request: 1987825
Status: RESERVED (pending a qualifying public reference per CNA Rules §5.3).
The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_part() function in query.py uses the unsafe eval() function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although the function attempts to limit the execution context by providing a restricted global namespace, it does not block access to dangerous built-in functions. A remote attacker can exploit this by submitting a specially crafted query string containing Python code that imports modules (e.g., os) and executes arbitrary system commands, leading to complete compromise of the server.
User-facing query strings flow into _parse_op_part() where operands are passed to eval() with a namespace that still exposes dangerous builtins (for example __import__). Any UI or API that forwards remote queries to this parser becomes a direct server-side Python execution primitive.
eval(operand, {'documents': documents}).os, invoke system, etc.__import__('os').system('id') style payloads while satisfying outer query grammar.Critical for internet-exposed superduper deployments with query features enabled.
eval; replace with AST-based safe evaluator or parameterized query DSL.